A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented with one of the steps blocking a malicious URL found in an email reported by one of the users. What would be the appropriate next step in the playbook?
A.
Email the CISO to advise that malicious email was found.
B.
Disable the user's email account.
C.
Email the user to confirm the reported email was phishing.
Email the user to confirm the reported email was phishing. This step ensures the user is informed that their report was accurate, reinforces the importance of their vigilance, and encourages continued reporting of suspicious emails. It also closes the communication loop, providing feedback to the user who reported the phishing attempt.
the most appropriate next step is to email the user to confirm that the reported email was phishing. This confirmation is crucial for maintaining effective communication and ensuring proper incident handling.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
engineerpe25
4 days, 8 hours ago[Removed]
8 months, 1 week agogarcem
8 months, 2 weeks agogarcem
8 months, 2 weeks ago5688ac9
8 months, 3 weeks agof1b354a
9 months, 1 week agoTeachTrooper
9 months, 4 weeks ago